Blocking attachments on Contact form

  • Hi. IPGB is blocking unregistered users from using my contact page to send attachments. It wasn’t allowing any email to go through from my contact page, but I checked the ajax exception for Caldera forms, and that worked. But it’s still blocking any emails that contain attachments. What do I need to do to allow this? Thanks!

    Here are the error messages I’m getting:

    – 2018-06-05 16:04:25 upload* POST:/cf-api/CF5b15c01de18a8(HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1693090985,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528229065,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/)
    – 2018-06-05 16:47:03 upload* POST:/cf-api/CF5b15c01de18a8/upload/(HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1693560540,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528231622,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/,HTTP_ORIGIN=https://townline.org)
    – 2018-06-05 17:43:19 upload* POST:/cf-api/CF5b15c01de18a8/upload/(HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1694169364,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528234998,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/)
    – 2018-06-05 17:29:37 upload* POST:/cf-api/CF5b15c01de18a8/upload/(HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1694019061,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528234175,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/,HTTP_ORIGIN=https://townline.org)
    – 2018-06-05 16:59:43 upload* POST:/cf-api/CF5b15c01de18a8/upload/(HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1693699470,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528232381,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/,HTTP_ORIGIN=https://townline.org)
    – 2018-06-05 17:39:01 upload* POST:/cf-api/CF5b15c01de18a8/upload/(HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1694121094,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528234741,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/,HTTP_ORIGIN=https://townline.org)

    And here is the error from the log file:

    Request
    POST[80]:/cf-api/CF5b15c01de18a8/upload/
    User agent
    Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
    HTTP headers
    HTTP_X_HOST=townline.org,HTTP_X_VARNISH=1694169364,HTTP_X_CLIENT_IP=173.239.215.2,HTTP_X_UA_DEVICE=pc,HTTP_X_EPOCH_TIME=1528234998,HTTP_DNT=1,HTTP_X_REQUESTED_WITH=XMLHttpRequest,HTTP_REFERER=https://townline.org/contact-us/
    $_POST data
    FILES=Array ( [fld_9302204] => Array ( [name] => American_Automobile_Association_logo.svg.png [type] => image/png [tmp_name] => /tmp/php6pckIV [error] => 0 [size] => 65436 ) ) ,field,control

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @eonxl,

    I’m sorry for this issue and must apologize current poor documentation for help.

    Would you make “Prevent malicious file uploading” in “Validation rule settings” section disabled OR make “Capabilities to be verified” text field empty, and have another try?

    Capabilities to be verified” assumes that only logged-in users are permitted to upload files. But there are some cases that vulnerable plugins/themes may forget to verify user’s authentication and capability. That’s why this plugin has “Prevent malicious file uploading” instead of them.

    But this is not your case.

    I hope this may help to resolve your issue.
    Thanks for asking.

    Thread Starter eonxl

    (@eonxl)

    Thanks very much for getting back to me so quickly. As soon as I get the chance, I will implement your suggestions and do some testing.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @eonxl,

    It’s OK at your own pace!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Blocking attachments on Contact form’ is closed to new replies.